PlateSpin Forge 11.1 User Guide

(1)

PlateSpin Forge

®

11.1

User Guide

(2)

Legal Notice

THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.

For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.

This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.

U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 227.7202-48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the

government’s rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.

© 2015 NetIQ Corporation. All Rights Reserved.

For information about NetIQ trademarks, see https://www.netiq.com/company/legal/. License Grant

Licenses purchased for PlateSpin Forge 11 or later versions cannot be used for PlateSpin Forge 3.3 or prior versions. Third-Party Software

Please refer to the PlateSpin Third-Party License Usage and Copyright (https://www.netiq.com/documentation/

platespin_licensing/platespin_licensing_qs/data/platespin_licensing_qs.html) page for information about third party software used in PlateSpin Forge.

(3)

About this Book and the Library

This User Guide provides information about using PlateSpin Forge. It provides conceptual

information, an overview of the user interface, and step-by-step guidance for common tasks. It also defines terminology and includes troubleshooting information.

Intended Audience

This document is intended for IT staff, such as data center administrators and operators, who use PlateSpin Forge in their ongoing workload protection projects.

Information in the Library

The library for this product is available in HTML and PDF formats on the PlateSpin Forge

Documentation (https://www.netiq.com/documentation/platespin-forge/) website. In addition to the English language, online documentation is available in the Chinese Simplified, Chinese Traditional, French, German, Japanese, and Spanish languages.

The PlateSpin Forge library provides the following information resources: Release Notes

Provides information about new features and enhancements in the release, as well as any known issues.

Getting Started Guide

Provides information about how to configure the appliance for your environment. User Guide

Provides conceptual information, an overview of the user interface, and step-by-step guidance for common tasks.

Rebuild Guide

Provides information about how to rebuild and reconfigure the appliance. Upgrade Guide

Provides information about how to update the appliance software. Help

Provides context-sensitive information and step-by-step guidance for common tasks as you work in the user interface.

(8)

Additional Resources

We encourage you to use the following additional resources online:

 PlateSpin Forge Forum (https://forums.netiq.com/forumdisplay.php?56-Platespin-Forge): A web-based community of product users where you can discuss product functionality and advice with other product users.

 PlateSpin Forge Product (https://www.netiq.com/products/forge/): A web-based product brochure that provides information about features, how to buy, technical specifications, frequently asked questions, and a variety of resources such as videos and white papers.  NetIQ User Community (https://www.netiq.com/communities/): A web-based community with a

variety of discussion topics.

 NetIQ Support Knowledgebase (https://www.netiq.com/support/kb/): A collection of in-depth technical articles.

 NetIQ Support Forums (https://forums.netiq.com/forum.php): A web location where product users can discuss NetIQ product functionality and advice with other product users.

 MyNetIQ (https://www.netiq.com/f/mynetiq/): A website offering product information and services, such as access to premium white papers, webcast registrations, and product trial downloads.

(9)

About NetIQ Corporation

We are a global, enterprise software company, with a focus on the three persistent challenges in your environment: Change, complexity and risk—and how we can help you control them.

Our Viewpoint

Adapting to change and managing complexity and risk are nothing new

In fact, of all the challenges you face, these are perhaps the most prominent variables that deny you the control you need to securely measure, monitor, and manage your physical, virtual, and cloud computing environments.

Enabling critical business services, better and faster

We believe that providing as much control as possible to IT organizations is the only way to enable timelier and cost effective delivery of services. Persistent pressures like change and complexity will only continue to increase as organizations continue to change and the technologies needed to manage them become inherently more complex.

Our Philosophy

Selling intelligent solutions, not just software

In order to provide reliable control, we first make sure we understand the real-world scenarios in which IT organizations like yours operate — day in and day out. That's the only way we can develop practical, intelligent IT solutions that successfully yield proven, measurable results. And that's so much more rewarding than simply selling software.

Driving your success is our passion

We place your success at the heart of how we do business. From product inception to

deployment, we understand that you need IT solutions that work well and integrate seamlessly with your existing investments; you need ongoing support and training post-deployment; and you need someone that is truly easy to work with — for a change. Ultimately, when you succeed, we all succeed.

Our Solutions

 Identity & Access Governance  Access Management

 Security Management

(10)

Contacting Sales Support

For questions about products, pricing, and capabilities, contact your local partner. If you cannot contact your partner, contact our Sales Support team.

Contacting Technical Support

For specific product issues, please contact our Technical Support team.

To learn more about the services and procedures of NetIQ Technical Support, see the Technical Support Guide (https://www.netiq.com/Support/process.asp#_Maintenance_Programs_and).

Contacting Documentation Support

Our goal is to provide documentation that meets your needs. The documentation for this product is available on the PlateSpin Forge Documentation (https://www.netiq.com/documentation/platespin-forge/) website in HTML and PDF formats.

If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation. You can also email

[email protected]. We value your input and look forward to hearing from you.

Contacting the Online User Community

NetIQ Communities, the NetIQ online community, is a collaborative network connecting you to your peers and NetIQ experts. By providing more immediate information, useful links to helpful resources, and access to NetIQ experts, NetIQ Communities helps ensure you are mastering the knowledge you need to realize the full potential of IT investments upon which you rely. For more information, visit http://community.netiq.com.

Worldwide: www.netiq.com/about_netiq/officelocations.asp

United States and Canada: 1-888-323-6768

Email: [email protected]

Website: www.netiq.com

Worldwide: www.netiq.com/support/contactinfo.asp

North and South America: 1-713-418-5555

Europe, Middle East, and Africa: +353 (0) 91-782 677

Email: [email protected]

(11)

1

Planning Your PlateSpin Environment

PlateSpin Forge is a consolidated recovery hardware appliance that protects physical and virtual workloads (operating systems, middleware, and data) by using embedded virtualization technology. If there is a production server outage or disaster, workloads can be rapidly powered on within the PlateSpin Forge recovery environment, and continue to run as normal until the production environment is restored.

PlateSpin Forge enables you to:

 Quickly recover workloads upon failure

 Simultaneously protect multiple workloads (10 to 50, depending on the model)  Test the failover workload without interfering with your production environment

 Fail back failover workloads to either their original infrastructures or to completely new infrastructures, physical or virtual

 Take advantage of existing external storage solutions, such as SANs

With internal, prepackaged storage, Forge has a total storage capacity of up to 20 terabytes, although the capacity is almost unlimited when external storage configurations are used by adding iSCSI or Fibre Channel cards.

Use the information in this section to plan your protection and recovery environment.  Section 1.1, “Supported Configurations,” on page 11

 Section 1.2, “Security and Privacy,” on page 17  Section 1.3, “Performance,” on page 20

1.1

Supported Configurations

PlateSpin Forge supports server workloads for protection of most major versions of the Microsoft Windows, SUSE Linux Enterprise Server, and Red Hat Enterprise Linux operating systems. It also supports selected versions of Novell Open Enterprise Server, Oracle Enterprise Linux, and CentOS operating systems.

This section describes all of the platform configurations supported by PlateSpin Forge, as well as the software, hardware, and virtualization environments that are required for workload protection and recovery. Some configurations, as noted, require special handling for workload setup and recovery. Ensure that you review the referenced information elsewhere in the online documentation or Knowledgebase Articles before you attempt to set up the workload.

NOTE: Although configurations not mentioned here are not supported, many of the improvements we make to PlateSpin Forge will be in direct response to suggestions from our customers. You can help us ensure our product meets all your needs. If you are interested in a platform configuration not listed,

(12)

 Section 1.1.4, “Supported System Firmware,” on page 16  Section 1.1.5, “Supported Storage,” on page 16

 Section 1.1.6, “Supported Browsers for the PlateSpin Forge Web Interface,” on page 16

1.1.1

Supported Windows Workloads

PlateSpin Forge supports workloads for most Microsoft Windows versions. For a list of supported Windows versions, see Table 1-1.

Both file-level and block-level replications are supported, with certain restrictions. See “Data Transfer” on page 78.

Table 1-1 Supported Windows Workloads

Operating System Notes

Server Class workloads

Windows Server 2012 R2 Windows Server 2012

Includes domain controllers (DC) and Small Business Server (SBS) editions.

For information about conversion of Active Directory domain controllers, see Knowledgebase Article 7920501.

Windows Server 2008 R2 (64-bit) Windows Server 2008 (64-bit)

Windows Server 2008 latest SP (32-bit)

Includes domain controllers (DC) and Small Business Server (SBS) editions.

For information about conversion of Active Directory domain controllers, see Knowledgebase Article 7920501.

Windows Server 2003 R2 (64-bit) Windows Server 2003 R2 (32-bit) Windows Server 2003 latest SP (64-bit) Windows Server 2003 latest SP (32-bit)

Windows 2003 requires SP1 or higher for Block-based replication.

Server-based Cluster workloads

Windows Server 2008 R2 server-based Microsoft Failover Cluster

Block-based transfer only. Windows Server 2003 R2 server-based

Microsoft Failover Cluster

Block-based transfer only.

Hypervisor Class workloads

Windows Server 2012 R2 with Hyper-V Role Windows Server 2012 with Hyper-V Role

Protects the host server as the workload. Protect the individual VMs separately.

(13)

Supported Windows File Systems

PlateSpin Forge supports only the NTFS file system on any supported Windows system. Supported Windows Clusters

For detailed information about how to protect workloads in a cluster, see “Protecting Windows Clusters” on page 89.

Supported International Versions

PlateSpin Forge supports French, German, Japanese, Chinese Traditional, and Chinese Simplified versions of Microsoft Windows. See “Language Setup for International Versions of PlateSpin Forge” on page 35.

TIP: Other international versions have limited support: updating system files could be affected in languages other than those listed above.

Workload Firmware (UEFI and BIOS) Support

PlateSpin Forge mirrors the Microsoft support of UEFI or BIOS-based Windows workloads. It transfers workloads (both Block and File transfers are supported) from source to target while

enforcing the supported firmware for the respective source and target operating systems. It does the same for the failback to a physical machine. When any transition (failover and failback) between UEFI and BIOS systems are initiated, Forge analyzes the transition and alerts you about its validity. NOTE: If you are protecting a UEFI-based workload and you want to continue using the same firmware boot mode throughout the protected workload lifecycle, you need to target a vSphere 5.0 container or newer.

The following are examples of Forge behavior when protecting and failing back between UEFI and BIOS-based systems:

Workstation Class workloads

Windows 8.1 Windows 8

WARNING: You must select the High Performance power plan on the Windows 8 source so that the workload failover and failback function correctly.

To configure this power plan from the Windows Control Panel:

1. Select All Control Panel Items > Power Options. 2. In the Choose or customize power plan dialog,

select Show additional plans > High Performance. 3. Close the control panel.

Windows 7 Professional, Enterprise, and Ultimate editions only.

(14)

 If you attempt to failback a protected Windows 2003 workload to a UEFI-based physical machine, Forge analyzes the choice and notifies you that it is not valid (that is, the firmware transition from BIOS to UEFI is not supported – Windows 2003 does not support the UEFI boot mode).

 When protecting a UEFI-based source on a BIOS-based target, Forge migrates the UEFI system’s boot disks, which were GPT, to MBR disks. Failing back this BIOS workload to a UEFI-based physical machine converts the boot disks back to GPT.

Workload Complex Disk Partitioning Support

PlateSpin Forge provides support for the GPT partitioning of disks for Windows workloads. Full replication is supported for 57 or fewer partitions or volumes on a single disk.

1.1.2

Supported Linux Workloads

PlateSpin Forge supports a number of Linux distributions. For a list of supported Linux operating systems, see Table 1-2.

Replication of protected Linux workloads occurs only at the block level. See “Requirement for a blkwatch Driver” on page 15.

Table 1-2 Supported Linux Workloads

Operating System Notes

Linux Server class workloads

Red Hat Enterprise Linux (RHEL) 7 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4

See “Linux Distributions Supported by Forge” on page 119 for a list of supported Linux kernel versions and

architectures for RHEL distributions.

SUSE Linux Enterprise Server (SLES) 11 SUSE Linux Enterprise Server 10 SUSE Linux Enterprise Server 9

See “Linux Distributions Supported by Forge” on page 119 for a list of supported Linux kernel versions and

architectures for SLES distributions.

NOTE: Kernel version 3.0.13 of SLES 11 SP3 is not supported. Upgrade to kernel version 3.0.27 or later before you inventory the workload.

Novell Open Enterprise Server (OES) 11 SP1 Novell Open Enterprise Server 11 SP2

PlateSpin Forge supports workloads for an OES 11 SPx

version if it is based on a supported SLES distribution, except as noted. See “Linux Distributions Supported by Forge” on page 119 for a list of supported Linux kernel versions and architectures for SLES distributions.

NOTE: The default kernel version 3.0.13 of OES 11 SP2 is not supported. Upgrade to kernel version 3.0.27 or later before you inventory the workload.

Oracle Enterprise Linux (OEL) PlateSpin Forge supports workloads for an OEL version if it is based on a supported RHEL distribution, except as noted. See “Linux Distributions Supported by Forge” on page 119 for a list of supported Linux kernel versions and architectures for RHEL distributions.

NOTE: Workloads using the Unbreakable Enterprise Kernel are not supported.

(15)

Supported Linux File Systems

PlateSpin Forge supports EXT2, EXT3, EXT4, REISERFS, XFS, and NSS (OES 11 workloads) file systems, with block-based transfer only.

NOTE: Encrypted volumes of workloads on the source are decrypted in the failover VM. Workload Firmware (UEFI and BIOS) Support

PlateSpin Forge provides support for the UEFI and BIOS firmware interfaces. Workload Complex Disk Partitioning Support

PlateSpin Forge provides support for the GPT partitioning of disks for Linux workloads. Full replication is supported for 57 or fewer partitions or volumes on a single disk.

Requirement for a blkwatch Driver

The block-based transfer of data for a Linux workloadPlateSpin Forge requires a blkwatch driver that is compiled for the particular Linux distribution being protected. PlateSpin Forge software includes pre-compiled versions of the blkwatch driver for many non-debug Linux distributions (32-bit and 64-bit). You can also create a custom driver. For more information, see “Linux Distributions Supported by Forge” on page 119.

1.1.3

Supported VM Containers

A container is a protection infrastructure that acts as the host of a protected workload’s regularly updated replica. That infrastructure can be either a VMware ESXi Server or a VMware DRS Cluster.

Table 1-3 Platforms Supported as VM Containers

CentOS 7 CentOS 6 CentOS 5 CentOS 4

PlateSpin Forge supports workloads for a CentOS version if it is based on a supported RHEL distribution. See “Linux Distributions Supported by Forge” on page 119 for a list of supported Linux kernel versions and architectures for RHEL distributions.

Operating System Notes

Container Notes

VMware ESXi 5.5 (GA2, Update 2)

 Supported as a protection and failback container.

 The DRS configuration must be either Partially Automated or Fully Automated. (It must not be set to Manual.)

 As a VM Container, the DRS Cluster must consist of ESXi 5.5 servers only, and can be managed by vCenter 5.5 only.

(16)

NOTE: ESXi versions must have a paid license; protection is unsupported with these systems if they are operating with a free license.

1.1.4

Supported System Firmware

PlateSpin Forge provides support for the UEFI and BIOS firmware interfaces.

On Windows systems, PlateSpin Forge mirrors the Microsoft support of UEFI. For more information see Workload Firmware (UEFI and BIOS) Support in “Supported Windows Workloads” on page 12.

1.1.5

Supported Storage

Workloads and storage for protection must be configured on disks partitioned with the MBR (Master Boot Record) or the GPT (GUID Partition Table) partitioning scheme. Although GPT allows up to 128 partitions per single disk, PlateSpin Forge supports only 57 or fewer GPT partitions per disk.

PlateSpin Forge supports several types of storage, including basic disks, Windows dynamic disks, LVM (version 2 only), RAID, and SAN.

For Linux workloads, PlateSpin Forge provides the following additional features:

 Non-volume storage, such as a swap partition that is associated with the source workload, is recreated in the failover workload.

 The layout of volume groups and logical volumes is preserved so that you can re-create it during failback.

 (OES 2 workloads) EVMS layouts of source workloads are preserved and re-created in the appliance host. NSS pools are copied from the source to the recovery VM.

1.1.6

Supported Browsers for the PlateSpin Forge Web Interface

Most of your interaction with the product takes place through the browser-based PlateSpin Forge Web Interface.

The supported browsers are:

 Google Chrome, version 34.0 and later

 Microsoft Internet Explorer, version 11.0 and later  Mozilla Firefox, version 29.0 and later

NOTE: JavaScript (Active Scripting) must be enabled in your browser. VMware ESXi 4.1 (GA2,

Update 3)

 Supported as a protection and failback container.

 The DRS configuration must be either Partially Automated or Fully Automated. (It must not be set to Manual.)

 As a VM Container, the DRS Cluster must consist of ESXi 4.1 servers only, and can be managed by vCenter 4.1 only.

(17)

To enable JavaScript:  Chrome:

1. From the Chrome menu, select Settings, then scroll to and click Show advanced settings. 2. Under Privacy, click Content Settings.

3. Scroll to JavaScript, then select Allow all sites to run JavaScript. 4. Click Done.

 Firefox:

1. In the Location bar, type about:config and press Enter. 2. Click I’ll be careful, I promise!

3. In the Search bar, type javascript.enabled, then press Enter.

4. In the search results, view the value for the javascript.enabled parameter. If its value is

false, right-click javascript.enabled and select Toggle to set its value to true.  Internet Explorer:

1. From the Tools menu, select Internet Options. 2. Select Security, then click Custom level.

3. Scroll to Scripting > Active scripting, then select Enable. 4. Click Yes at the warning dialog box, then click OK.

5. Click Apply > OK.

To use the PlateSpin Forge Web Interface and integrated help in one of the supported languages, see “Language Setup for International Versions of PlateSpin Forge” on page 35.

1.2

Security and Privacy

PlateSpin Forge provides several features to help you safeguard your data and increase security.  Section 1.2.1, “Security of Workload Data in Transmission,” on page 17

 Section 1.2.2, “Security of Client/Server Communications,” on page 18  Section 1.2.3, “Security of Credentials,” on page 18

 Section 1.2.4, “User Authorization and Authentication,” on page 18  Section 1.2.5, “Network Port Settings,” on page 18

 Section 1.2.6, “Additional Security Enhancements,” on page 20

1.2.1

Security of Workload Data in Transmission

To make the transfer of your workload data more secure, you can configure the workload protection to encrypt the data. When encryption is enabled, data replicated over the network is encrypted by using AES (Advanced Encryption Standard).

(18)

1.2.2

Security of Client/Server Communications

Because the PlateSpin Server enables SSL on the Forge VM, secure data transmission between your web browser and the PlateSpin Server is already configured to HTTPS (Hypertext Transfer Protocol Secure).

1.2.3

Security of Credentials

Credentials that you use to access various systems (such as workloads and failback targets) are stored in the PlateSpin Forge database and are therefore covered by the same security safeguards that you have in place for your Forge VM.

In addition, credentials are included within diagnostics, which are accessible to accredited users. You should ensure that workload protection projects are handled by authorized staff.

1.2.4

User Authorization and Authentication

PlateSpin Forge provides a comprehensive and secure user authorization and authentication mechanism based on user roles, and controls application access and operations that users can perform. See “Setting Up User Authorization and Authentication” on page 25.

1.2.5

Network Port Settings

Table 1-4 lists the default ports used by PlateSpin Forge. If you configure custom ports, you must open those ports instead. For communications between the PlateSpin Forge Server and the source and target machines it manages, ensure that you also open the appropriate ports on any firewalls between them. Traffic for communications is bi-directional (incoming and outgoing). For more information about network access configuration for your PlateSpin Server environment, see “Configuring Access and Communication Settings across your Protection Network” on page 28.

Table 1-4 Default Ports Used by PlateSpin Forge

Port Number Protocol Function Details

80 TCP HTTP (Not secure) Used for HTTP communications between the Forge VM and the source and target machines it

manages.

Open this port on your Forge VM, the source and target workloads, and the VMware ESXi hosts.

443 TCP HTTPS (Secure) Used for HTTPS communications, if SSL is enabled, between the Forge VM and the source and target machines.

Open this port on your Forge VM, the source and target workloads, the VMware ESXi hosts, and the vCenter host server.

(19)

3725 TCP Data transfer Used for data transfer between the source and target machines, including file-based transfer and block-based transfer.

Open this port on the source and target machines for all workloads. Any firewall between a source and its target must also allow TCP port 3725. See “Supported Configurations” on page 11.

135 445

TCP RPC/DCOM Used for RPC/DCOM communications on Windows machines during the discovery process, and when taking control and rebooting the source machine.

Open these ports for communications between the source and target machines for all Windows workloads. See “Supported Windows Workloads” on page 12. 137

138 139

TCP NetBIOS Used for NetBIOS communications (name service, datagram service, and session service).

Open these ports for communications between the source and target machines for all Windows workloads. See “Supported Windows Workloads” on page 12. 137

138

UDP SMB Used for SMB communications for the file transfer of the Take Control folder and files from the PlateSpin Server to the source machine.

Open these ports on your Forge VM and the source workloads.

139 445

TCP SMB

22 TCP Used for SSH and SCP communications on Linux machines during the discovery process.

Open this port on the source and target machines for all Linux workloads. See “Supported Linux Workloads” on page 14.

25 TCP SMTP Used for SMTP traffic if email notification is enabled. Open this port on the Forge VM and the mail relay host.

25 UDP SMTP

1433 TCP SQL Used for Microsoft SQL Server communications for authentication and data exchange to a remote SQL Server.

Open the SQL ports on your Forge VM and the remote SQL Server host, as well as on any firewalls between them.

For more information the SQL Server port requirements, see Configure the Firewall to Allow Server Access in the Microsoft Developers Network.

1434 TCP SQL Used for the Microsoft SQL Server dedicated admin

(20)

1.2.6

Additional Security Enhancements

PlateSpin Forge provides information in Knowledgebase Article 7015818 about how to remove the vulnerability to potential POODLE (Padding Oracle On Downgraded Legacy Encryption) attacks from your PlateSpin servers.

1.3

Performance

 Section 1.3.1, “About Product Performance Characteristics,” on page 20  Section 1.3.2, “Data Compression,” on page 21

 Section 1.3.3, “Bandwidth Throttling,” on page 21

 Section 1.3.4, “RPO, RTO, and TTO Specifications,” on page 21  Section 1.3.5, “Scalability,” on page 22

1.3.1

About Product Performance Characteristics

The performance characteristics of your PlateSpin Forge product depend on a number of factors, including:

 Hardware and software profiles of your source workloads  Hardware and software profiles of your target containers

 The specifics of your network bandwidth, configuration, and conditions  The number of protected workloads

 The number of volumes under protection  The size of volumes under protection

 File density (number of files per unit of capacity) on your source workloads’ volumes  Source I/O levels (how busy your workloads are)

 The number of concurrent replications

 Whether data encryption is enabled or disabled  Whether data compression is enabled or disabled

For large-scale workload protection plans, you should perform a test protection of a typical workload, run some replications, and use the result as a benchmark, fine-tuning your metrics regularly

throughout the project.

49152 to 65535 TCP SQL Used for the Microsoft SQL Server or RPC for LSA, SAM, and Netlogon.

If you have configured Microsoft SQL Server to use a specific TCP port, you must open that port on the firewall.

(21)

1.3.2

Data Compression

If necessary, PlateSpin Forge can compress the workload data before transferring it over the network. This enables you to reduce the overall amount of data transferred during replications.

Compression ratios depend on the type of files on a source workload’s volumes, and might vary from approximately 0.9 (100MB of data compressed to 90 MB) to approximately 0.5 (100MB compressed to 50MB).

NOTE: Data compression utilizes the source workload’s processor power.

Data Compression can be configured individually for each workload or in a Protection Tier. See “Protection Tiers” on page 80.

1.3.3

Bandwidth Throttling

PlateSpin Forge enables you to control the amount of network bandwidth consumed by direct source-to-target communication over the course of workload protection; you can specify a throughput rate for each protection contract. This provides a way to prevent replication traffic from congesting your production network and reduces the overall load of your PlateSpin Server.

Bandwidth throttling can be configured individual for each workload or in a Protection Tier. See “Protection Tiers” on page 80.

1.3.4

RPO, RTO, and TTO Specifications

 Recovery Point Objective (RPO): Describes the acceptable amount of data loss measured in time. The RPO is determined by the time between incremental replications of a protected workload and is affected by current utilization levels of PlateSpin Forge, the rate and scope of changes on the workload, your network speed, and the chosen replication schedule.

 Recovery Time Objective (RTO): Describes the time required for a failover operation (bringing a failover workload online to temporarily replace a protected production workload).

The RTO for failing a workload over to its virtual replica is affected by the time it takes to configure and execute the failover operation (10 to 45 minutes). See “Failover” on page 71.  Test Time Objective (TTO): Describes the time required for testing disaster recovery with some

confidence of service restoration.

Use the Test Failover feature to run through different scenarios and generate benchmark data. See “Using the Test Failover Feature” on page 72.

Among factors that have an impact on RPO, RTO, and TTO is the number of required concurrent failover operations; a single failed-over workload has more memory and CPU resources available to it than multiple failed-over workloads, which share the resources of their underlying infrastructure. You should determine average failover times for workloads in your environment by doing test failovers at various times, then use them as benchmark data in your overall data recovery plans. See “Generating Workload and Workload Protection Reports” on page 61.

(22)

1.3.5

Scalability

Scalability encompasses (and depends on) the following major characteristics of your PlateSpin Forge product:

 Workloads per Server: The number of workloads per PlateSpin Server might vary between 10 and 50, depending on several factors, including your RPO requirements and the hardware characteristics of the server host.

 Protections per Container: The maximum number of protections per container is related to (but is not the same as) the VMware specifications pertaining to the maximum number of VMs supported per ESXi host. Additional factors include recovery statistics (including concurrent replications and failovers) and hardware vendor specifications.

You should conduct tests, incrementally adjust your capacity numbers, and use them in determining your scalability ceiling.

(23)

2

PlateSpin Forge Application

Configuration

This section includes information about the following:

 Section 2.1, “Launching the PlateSpin Forge Web Interface,” on page 23  Section 2.2, “Product Licensing,” on page 23

 Section 2.3, “Setting Up User Authorization and Authentication,” on page 25

 Section 2.4, “Configuring Access and Communication Settings across your Protection Network,” on page 28

 Section 2.5, “Configuring PlateSpin Forge Default Options,” on page 31

2.1

Launching the PlateSpin Forge Web Interface

To use the PlateSpin Forge Web Interface and integrated help in one of the supported languages, see “Language Setup for International Versions of PlateSpin Forge” on page 35.

To launching the PlateSpin Forge Web Interface: 1 Open a supported web browser and go to:

https://<hostname | IP_address>/Forge

Replace <hostname | IP_address> with the DNS hostname or the IP address of your Forge VM. If SSL is not enabled, use http in the URL.

The first time you log into PlateSpin Forge, the browser redirects to the License Activation page. 2 Log in using the local Administrator user credentials for the Forge VM.

The default credentials for the Forge VM are username Administrator and password

Password1.

For information about setting up additional users for PlateSpin, see Section 2.3, “Setting Up User Authorization and Authentication,” on page 25.

2.2

Product Licensing

For PlateSpin Forge product licensing, you must have a license activation code. If you do not have a license activation code, request one through the Customer Center (http://www.netiq.com/

customercenter/). A license activation code will be emailed to you.

NOTE: If you are an existing PlateSpin customer and you don't have a Customer Center account, you must first create one, using the same email address as specified in your purchase order. See Create

(24)

You have two options for activating your product license: online or offline.  Section 2.2.1, “Online License Activation,” on page 24

 Section 2.2.2, “Offline License Activation,” on page 24

2.2.1

Online License Activation

For online activation, PlateSpin Forge must have Internet access.

NOTE: HTTP proxies might cause failures during online activation. Offline activation is recommended for users in environments that use HTTP proxy.

To set up online license activation:

1 In the PlateSpin Forge Web Interface, click Add PlateSpin Forge License > Add License.

2 Select Online Activation.

3 Specify the email address that you provided when you placed your order and the activation code you received, then click Activate.

The system obtains the required license over the Internet and activates the product.

2.2.2

Offline License Activation

For offline activation, you obtain a PlateSpin Forge license key by using a computer that has Internet access.

1 In the PlateSpin Forge Web Interface, click Add PlateSpin Forge License > Add License. 2 Select Offline Activation and copy the hardware ID shown.

3 On a computer that has Internet access, generate a license key file for the product: 3a Navigate to the PlateSpin Product Activation website (http://www.platespin.com/

productactivation/ActivateOrder.aspx), then log in with your Customer Center user name and password.

3b Use the hardware ID to create a license key file. This process requires the following information:

(25)

 the email address that you provided when you placed your order  the hardware ID that you copied in Step 2

3c Save the generated license key file.

4 Transfer the license key file to the product host that does not have Internet connectivity.

5 In the PlateSpin Forge Web Interface on the License Activation page, type the path to the file or browse to its location, then click Activate.

The license key file is saved and the product is activated based on this file.

2.3

Setting Up User Authorization and Authentication

The following information is included in this section:

 Section 2.3.1, “About PlateSpin Forge User Authorization and Authentication,” on page 25  Section 2.3.2, “Managing PlateSpin Forge Access and Permissions,” on page 26

 Section 2.3.3, “Managing PlateSpin Forge Security Groups and Workload Permissions,” on page 27

2.3.1

About PlateSpin Forge User Authorization and

Authentication

The user authorization and authentication mechanism of PlateSpin Forge is based on user roles, and controls application access and operations that users can perform. The mechanism is based on Integrated Windows Authentication (IWA) and its interaction with Internet Information Services (IIS). The role-based access mechanism enables you to implement user authorization and authentication in several ways:

 Restricting application access to specific users  Allowing only specific operations to specific users

 Granting each user access to specific workloads for performing operations defined by the assigned role

Every PlateSpin Forge instance has the following set of operating system-level user groups that define related functional roles:

 Workload Protection Administrators: Have unlimited access to all features and functions of the application. A local administrator is implicitly part of this group.

 Workload Protection Power Users: Have access to most features and functions of the application, with some limitations such as restrictions in the capability to modify system settings related to licensing and security.

 Workload Protection Operators: Have access to a limited subset of system features and functions, sufficient to maintain day-to-day operation.

(26)

Table 2-1 Workload Protection Roles and Permission Details

In addition, PlateSpin Forge software provides a mechanism based on security groups that define which users should have access to which workloads in the PlateSpin Forge workload inventory. To set up a proper role-based access to PlateSpin Forge:

1 Add users to the required user groups detailed in Table 2-1. See your Windows documentation. 2 Create application-level security groups that associate these users with specified workloads.

See “Managing PlateSpin Forge Security Groups and Workload Permissions” on page 27.

2.3.2

Managing PlateSpin Forge Access and Permissions

The following sections provide more information:  “Adding PlateSpin Forge Users” on page 26

 “Assigning a Workload Protection Role to a PlateSpin Forge User” on page 27

Adding PlateSpin Forge Users

Use the procedure in this section to add a new PlateSpin Forge user.

If you want to grant specific role permissions to an existing user on the Forge VM, see “Assigning a Workload Protection Role to a PlateSpin Forge User” on page 27.

You can now assign a workload protection role to the newly created user. See “Assigning a Workload Protection Role to a PlateSpin Forge User” on page 27.

Workload Protection Role Details Administrators Power Users Operators

Add Workload Allowed Allowed Denied

Remove Workload Allowed Allowed Denied

Configure Protection Allowed Allowed Denied

Prepare Replication Allowed Allowed Denied

Run (Full) Replication Allowed Allowed Allowed

Run Incremental Allowed Allowed Allowed

Pause/Resume Schedule Allowed Allowed Allowed

Test Failover Allowed Allowed Allowed

Failover Allowed Allowed Allowed

Cancel Failover Allowed Allowed Allowed

Abort Allowed Allowed Allowed

Dismiss (Task) Allowed Allowed Allowed

Settings (All) Allowed Denied Denied

Run Reports/Diagnostics Allowed Allowed Allowed

Failback Allowed Denied Denied

(27)

Assigning a Workload Protection Role to a PlateSpin Forge User

Before assigning a role to a user, determine the collection of permissions that best suits that user. See Table 2-1, “Workload Protection Roles and Permission Details,” on page 26.

It might take several minutes for the change to take effect. To attempt applying the changes manually, restart your server by using the RestartPlateSpinServer.exe executable.

To restart the PlateSpin Server:

1 Before you attempt to restart the PlateSpin Server, pause all of your contracts, or verify that no replications, failovers, or failbacks are in process. Do not continue until all workloads are idle. 2 Go to the PlateSpin Server’s bin\RestartPlateSpinServer subdirectory.

3 Double-click the RestartPlateSpinServer.exe executable. A command prompt window opens, requesting confirmation. 4 Confirm by typing Y and pressing Enter.

You can now add this user to a PlateSpin Forge security group and associate a specified collection of workloads. See “Managing PlateSpin Forge Security Groups and Workload Permissions” on page 27.

2.3.3

Managing PlateSpin Forge Security Groups and Workload

Permissions

PlateSpin Forge provides a granular application-level access mechanism that allows specific users to carry out specific workload protection tasks on specified workloads. This is accomplished by setting up security groups.

1 Assign a PlateSpin Forge user a Workload Protection Role whose permissions best suit that role in your organization. See “Assigning a Workload Protection Role to a PlateSpin Forge User” on page 27.

2 Access PlateSpin Forge as an administrator by using the PlateSpin Forge Web Interface, then click Settings > Permissions.

The Security Groups page opens. 3 Click Create Security Group.

4 In the Security Group Name field, type a name for your security group. 5 Click Add Users and select the required users for this security group.

If you want to add a PlateSpin Forge user who was recently added to the Forge VM, it might not be immediately available in the user interface. In this case, first click Refresh User Accounts.

(28)

6 Click Add Workloads and select the required workloads:

Only users in this security group will have access to the selected workloads. 7 Click Create.

The page reloads and displays the your new group in the list of security groups. To edit a security group, click its name in the list of security groups.

2.4

Configuring Access and Communication Settings

across your Protection Network

Before you set up workloads for protection and recovery, ensure that you configure your network with the access and communications settings described in this section.

 Section 2.4.1, “Open Port Requirements for the PlateSpin Server HostForge VM,” on page 28  Section 2.4.2, “Access and Communication Requirements for Workloads,” on page 29  Section 2.4.3, “Access and Communication Requirements for Containers,” on page 30  Section 2.4.4, “Protection Across Public and Private Networks Through NAT,” on page 30  Section 2.4.5, “Overriding the Default bash Shell for Executing Commands on Linux Workloads,”

on page 31

 Section 2.4.6, “Requirements for VMware DRS Clusters as Containers,” on page 31

2.4.1

Open Port Requirements for the PlateSpin Server

HostForge VM

Table 2-2 describes the ports that must be open for on the Forge VM to allow access to the PlateSpin Forge Web Interface.

Table 2-2 Open Port Requirements for the PlateSpin Server HostForge VM

Port (Default) Remarks

(29)

2.4.2

Access and Communication Requirements for Workloads

Table 2-3 describes the software, network, and firewall requirements for workloads that you intend to protect by using PlateSpin Forge.

Table 2-3 Access and Communication Requirements for Workloads

TCP 443 For HTTPS communication (if SSL is enabled)

Port (Default) Remarks

Workload Type Prerequisites Required Ports

(Defaults)

All workloads Ping (ICMP echo request and response) support All Windows workloads.

See “Supported Windows Workloads” on page 12.

 Microsoft .NET Framework 3.5 Service Pack 1  Microsoft .NET Framework 4.0

All Windows workloads. See “Supported Windows Workloads” on page 12.

 Built-in Administrator or domain administrator account credentials (membership only in the local Administrators group is insufficient).

 The Windows Firewall configured to allow File and Printer Sharing. Use one of these options:

 Option 1, using Windows Firewall: Use the basic Windows Firewall Control Panel item (firewall.cpl) and select File and printer Sharing in the list of exceptions.

- OR -

 Option 2, using Firewall with Advanced Security: Use the Windows Firewall with Advanced Security utility (wf.msc) with the following Inbound Rules enabled and set to

Allow:

 File and Printer Sharing (Echo Request - ICMPv4In)

 File and Printer Sharing (Echo Request - ICMPv6In)

 File and Printer Sharing (NB-Datagram-In)

 File and Printer Sharing (NB-Name-In)

 File and Printer Sharing (NB-Session-In)

 File and Printer Sharing (SMB-In)

TCP 3725 NetBIOS (TCP 137 - 139) SMB (TCP 139, 445 and UDP 137, 138) RPC (TCP 135, 445)

(30)

2.4.3

Access and Communication Requirements for Containers

Table 2-4 describes the software, network, and firewall requirements for the supported workload containers.

Table 2-4 Access and Communication Requirements for Containers

2.4.4

Protection Across Public and Private Networks Through

NAT

In some cases, a source, a target, or PlateSpin Forge itself, might be located in an internal (private) network behind a network address translator (NAT) device, unable to communicate with its

counterpart during protection.

PlateSpin Forge enables you to address this issue, depending on which of the following hosts is located behind the NAT device:

 PlateSpin Server: In your server’s PlateSpin Server Configuration tool, record the additional IP addresses assigned to that host. See “Configuring the Application to Function through NAT” on page 31.

 Workload: When you are attempting to add a workload, specify the public (external) IP address of that workload in the discovery parameters.

Windows Server 2003 (including SP1 Standard, SP2 Enterprise, and R2 SP2 Enterprise).

NOTE: After enabling the required ports, run the following command at the server prompt to enable PlateSpin remote administration:

netsh firewall set service RemoteAdmin enable

For more information about netsh, see the Microsoft TechNet article, The Netsh Command Line Utility (http:// technet.microsoft.com/en-us/library/

cc785383%28v=ws.10%29.aspx).

TCP 3725, 135, 139, 445

UDP 137, 138, 139

All Linux workloads. See “Supported Linux Workloads” on page 14.

Secure Shell (SSH) server TCP 22, 3725

Workload Type Prerequisites Required Ports

(Defaults)

System Prerequisites Required Ports

(Defaults)

All containers Ping (ICMP echo request and response) capability. All VMware containers.

See “Supported VM Containers” on page 15.

 VMware account with an Administrator role

 VMware Web services API and file management API

HTTPS (TCP 443)

vCenter Server The user with access must be assigned the appropriate roles and permissions. Refer to the pertinent release of VMware documentation for more information.

(31)

 Failed-over VM: During failback, you can specify an alternative IP address for the failed-over workload in Failback Details (Workload to VM) (page 74).

 Failback Target: During an attempt to register a failback target, when prompted to provide the IP address of the PlateSpin Server, provide either the local address of the Forge VM or one of its public (external) addresses recorded in the server’s PlateSpin Server Configuration tool (see PlateSpin Server above).

Configuring the Application to Function through NAT

To enable the PlateSpin Server to function across NAT-enabled environments, you must record additional IP addresses of your PlateSpin Server in the PlateSpin Server Configuration tool’s database that the server reads upon startup.

For information on the update procedure, see “Configuring PlateSpin Server Behavior through XML Configuration Parameters” on page 37.

2.4.5

Overriding the Default bash Shell for Executing Commands

on Linux Workloads

By default, the PlateSpin Server uses the /bin/bash shell when executing commands on a Linux source workload.

If required, you can override the default shell by modifying the corresponding registry key on the PlateSpin Server.

See Knowledgebase Article 7010676.

2.4.6

Requirements for VMware DRS Clusters as Containers

To be a valid protection target, your VMware DRS cluster must be added to the set of containers (inventoried) as a VMware Cluster. You should not attempt to add a DRS Cluster as a set of individual ESX servers. See “Adding Containers (Protection Targets)” on page 64.

In addition, your VMware DRS cluster must meet the following configuration requirements:  DRS is enabled and set to either Partially Automated or Fully Automated.  At least one datastore is shared among all the ESX servers in the VMware Cluster.

 At least one vSwitch and virtual port-group, or vNetwork Distributed Switch, is common to all the ESX servers in the VMware Cluster.

 The failover workloads (VMs) for each Protection contract is placed exclusively on datastores, vSwitches and virtual port-groups that are shared among all the ESX servers in the VMware Cluster.

(32)

 Section 2.5.4, “Configuring PlateSpin Server Behavior through XML Configuration Parameters,” on page 37

 Section 2.5.5, “Optimizing Data Transfer over WAN Connections,” on page 38

 Section 2.5.6, “Configuring Support for VMware vCenter Site Recovery Manager,” on page 40

2.5.1

Setting Up Automatic Email Notifications of Events and

Reports

You can configure PlateSpin Forge to automatically send notifications of events and replication reports to specified email addresses. This functionality requires that you first specify a valid SMTP server for PlateSpin Forge to use.

 “SMTP Configuration” on page 32

 “Setting Up Automatic Event Notifications by Email” on page 32  “Setting Up Automatic Replication Reports by EMail” on page 34

SMTP Configuration

Use the PlateSpin Forge Web Interface to configure SMTP (Simple Mail Transfer Protocol) settings for the server used to deliver email notifications of events and replication reports.

Figure 2-1 Simple Mail Transfer Protocol Settings

To configure SMTP settings:

1 In your PlateSpin Forge Web Interface, click Settings > SMTP.

2 Specify an SMTP server Address, a Port (the default is 25), and a Reply Address for receiving email event and progress notifications.

3 Type a Username and Password, then confirm the password. 4 Click Save.

Setting Up Automatic Event Notifications by Email

To set up automatic event notifications:

(33)

2 In your PlateSpin Forge Web Interface, click Settings > Notification Settings. 3 Select the Enable Notifications option.

4 Click Edit Recipients, type the required email addresses separated by commas, then click OK.

5 Click Save.

To delete listed email addresses, click Delete next to the address that you want to remove. The event types shown in Table 2-5 can trigger email notifications if notification is configured. The events are always added to the System Application Event Log, according to the log entry types of Warning, Error, and Information.

NOTE: Although event log entries have unique IDs, the IDs are not guaranteed to remain the same in future releases.

Table 2-5 Events Types Organized by Log Entry Types

Event Types Remarks

Log Entry Type: Warning

FullReplicationMissed Similar to the Incremental Replication Missed

event.

IncrementalReplicationMissed Generated when any of the following applies:  A replication is manually paused while a

scheduled incremental replication is due.  The system attempts to carry out a scheduled

incremental replication while a manually-triggered replication is underway.

 The system determines that the target has insufficient free disk space.

(34)

Setting Up Automatic Replication Reports by EMail

To set up PlateSpin Forge to automatically send out replication reports by email, follow these steps: 1 Set up an SMTP server for PlateSpin Forge to use. See SMTP Configuration (page 32).

2 In your PlateSpin Forge Web Interface, click Settings > Email > Replication Reports Settings. 3 Select the Enable Replication Reports option.

4 In the Report Recurrence section, click Configure and specify the required recurrence pattern for the reports.

5 In the Recipients section, click Edit Recipients, type the required email addresses separated by commas, then click OK.

FullReplicationFailed

IncrementalReplicationFailed PrepareFailoverFailed

Log Entry Type: Information

FailoverCompleted

FullReplicationCompleted

IncrementalReplicationCompleted PrepareFailoverCompleted

TestFailoverCompleted Generated upon manually marking a Test Failover operation a success or a failure.

WorkloadOnlineDetected Generated when the system detects that a previously offline workload is now online.

Applies to workloads whose protection contract’s state is not Paused.

(35)

6 (Optional) In the Forge Access URL section, specify a non-default URL for your PlateSpin Server (for example, when your Forge VM has more than one NIC or if it is located behind a NAT server). This URL affects the title of the report and the functionality of accessing relevant content on the server through hyperlinks within emailed reports.

7 Click Save.

For information on other types of reports that you can generate and view on demand, see “Generating Workload and Workload Protection Reports” on page 61.

2.5.2

Language Setup for International Versions of PlateSpin

Forge

PlateSpin Forge provides National Language Support (NLS) for Chinese Simplified, Chinese Traditional, French, German, and Japanese.

To use the PlateSpin Forge Web Interface and integrated help in one of these languages, the corresponding language must be added in your web browser and moved to the top of the order of preference:

1 Access the Languages setting in your web browser:  Chrome:

1. From the Chrome menu, click Settings, then scroll to and click Show advanced settings.

2. Scroll to Languages, then click Language and input settings.  Firefox:

1. From the Tools menu, select Options, then select the Content tab. 2. Under Languages, click Choose.

 Internet Explorer:

1. From the Tools menu, select Internet Options, then select the General tab. 2. Under Appearance, click Languages.

2 Add the required language and move it up the top of the list.

3 Save the settings, then start the client application by connecting to your PlateSpin Forge Server. See “Launching the PlateSpin Forge Web Interface” on page 23.

NOTE: (For users of Chinese Traditional and Chinese Simplified versions) Attempting to connect to the PlateSpin Forge Server with a browser that does not have a specific version of Chinese added might result in web server errors. For correct operation, use your browser’s configuration settings to add a specific Chinese language (for example, Chinese [zh-cn] or Chinese [zh-tw]). Do not use the culture-neutral Chinese [zh] language.

The language of a small portion of system messages generated by the PlateSpin Forge Server depends on the operating system interface language selected in your Forge VM:

(36)

2 Start the Regional and Language Options applet (click Start > Run, type intl.cpl, and press Enter), then click the Languages (Windows Server 2003) or Keyboards and Languages (Windows Server 2008) tab, as applicable.

3 If it is not already installed, install the required language pack. You might need access to your OS installation media.

4 Select the required language as the interface language of the operating system. When you are prompted, log out or restart the system.

2.5.3

Using Tags to Help Sort Workloads

It is possible that the Workloads view of the Forge Web Interface might display a very long list of workloads. Sorting through these workloads to manage operations for similar workloads can become time-consuming.

To simplify workload list sorting, you can optionally attach identification tags to one or more workloads in your workload list, affiliating them with a unique color and description. When the tags are attached, you can sort the list by the tag attribute – grouping the similar tags together to facilitate mass

selection for setting operations. To set up workload tags:

1 In the PlateSpin Forge Web Interface, click Settings > Workload Tags > Create Workload Tag. The Workload Tag Creation page is displayed.

The page provides a way for you to specify a tag name (25-character limit) and associate a color with that description. You can create as many unique tags as you like, although the choice of unique colors is limited.

As you save a new tag, it is added to the list of available workload tags in the Workload Tags view of Settings page. In that view, you can edit or delete any of the tags in the list.

(37)

The Workloads page includes a Tag column where the single tag you associate with a workload is displayed. When you sort on this column, you can group the tags together to run available operations on those tagged workloads at the same time.

To associate a single tag with a workload:

1 In the workload list, select the workload you want to tag, then click Configure to open its configuration page.

2 In the Tag section of the configuration page, open the drop-down list, select the tag name you want to associate with the workload, then click Save.

More Tag Information

The following facts about workload tags are also important for you to know:  When you export a workload to a new server, its tag settings persist.  You cannot delete a tag if it is associated with any workload in the list.

 To remove, or disassociate a tag from a workload, select the “empty” string from the drop-down list of tag names.

2.5.4

Configuring PlateSpin Server Behavior through XML

Configuration Parameters

Some aspects of your PlateSpin Server’s behavior are controlled by configuration parameters that you set on a configuration web page residing your Forge VM at:

https://Your_PlateSpin_Server/platespinconfiguration/

NOTE: Under normal circumstances you should not need to modify these settings unless you are advised to do so by PlateSpin Support.

To change and apply any configuration parameters:

1 From any web browser, open https://Your_PlateSpin_Server/platespinconfiguration/. 2 Locate the required server parameter and change its value.

3 Save your settings and exit the page.

No reboot or restart of services is required after the change is made in the configuration tool. The following topics provide information on specific situations when you might need to change

PlateSpin Forge 11.1 User Guide

PlateSpin Forge

Legal Notice

© 2015 NetIQ Corporation. All Rights Reserved.

Contents

About this Book and the Library 7

3 Appliance Setup and Maintenance 43

6 Essentials of Workload Protection 77

About this Book and the Library

Information in the Library

Getting Started Guide

Additional Resources

About NetIQ Corporation

Adapting to change and managing complexity and risk are nothing new

Our Philosophy

Selling intelligent solutions, not just software

Our Solutions

Contacting Documentation Support

Planning Your PlateSpin Environment

Supported Configurations

Supported Windows Workloads

Operating System Notes

Server-based Cluster workloads

Supported Windows File Systems

Workload Firmware (UEFI and BIOS) Support

Workload Complex Disk Partitioning Support

Supported Linux Workloads

Operating System Notes

Supported Linux File Systems

Requirement for a blkwatch Driver

Supported VM Containers

Operating System Notes

Supported System Firmware

Supported Browsers for the PlateSpin Forge Web Interface

Security and Privacy

Security of Workload Data in Transmission

Security of Credentials

Network Port Settings

Port Number Protocol Function Details

TCP SMB

Additional Security Enhancements

About Product Performance Characteristics

Data Compression

Bandwidth Throttling

Scalability

PlateSpin Forge Application

Launching the PlateSpin Forge Web Interface

Product Licensing

Online License Activation

To set up online license activation:

Offline License Activation

Setting Up User Authorization and Authentication

Authentication

Managing PlateSpin Forge Access and Permissions

Workload Protection Role Details Administrators Power Users Operators

Assigning a Workload Protection Role to a PlateSpin Forge User

To restart the PlateSpin Server:

Managing PlateSpin Forge Security Groups and Workload

Configuring Access and Communication Settings

Open Port Requirements for the PlateSpin Server

Port (Default) Remarks

Access and Communication Requirements for Workloads

Port (Default) Remarks

Access and Communication Requirements for Containers

Workload Type Prerequisites Required Ports

Configuring the Application to Function through NAT

on Linux Workloads

Setting Up Automatic Email Notifications of Events and

SMTP Configuration

To configure SMTP settings:

Setting Up Automatic Event Notifications by Email

To set up automatic event notifications:

Event Types Remarks

Setting Up Automatic Replication Reports by EMail

Log Entry Type: Information

Language Setup for International Versions of PlateSpin

Using Tags to Help Sort Workloads

To associate a single tag with a workload:

More Tag Information

Configuration Parameters